No one, not even privacy pros, likes the consent experiences we’re given in ordinary online contexts. We go from forced opt-in checkboxes to cookie-directive-compliant OK buttons, wondering where our lofty Fair Information Practice Principles about user control went.
And just where did they go?
Often they’re buried under a pile of business risk mitigation. The IAPP’s own salary survey showed that the top driver for corporate privacy funding was meeting compliance obligations, and more than half of privacy groups reported into a legal or compliance department.
But a funny thing happened on the way to the API economy: A new wave of companies developed two new kinds of consent tools to meet the needs of emerging data-sharing requirements—OAuth and the “Share” button—and go beyond the minimums required by certain regulations.
OAuth: The Standard that Protects Any API
When I worked on consumer identity services at PayPal in 2009–2010, I saw the first new consent tool flower in real time. Facebook was building an API platform for user data access and was using the OAuth mechanism to secure it. OAuth lets users consent to and revoke the sewing together of third-party apps and Facebook APIs at will. We very much wanted to borrow this new tool to replicate that success, as the platform was going viral.
Yes, I did just say that: Facebook popularized a new, powerful user-consent tool.
OAuth has some very nice properties. It can protect any API, so it’s not just for personal data attributes. It can be used for any type of data retrieval—think Twitter feeds and Flickr photos—and it can even be used to put data and content back into the service. The extent of access granted can be limited to a subset of the possible operations. Moreover, OAuth is a standard, now in its second version, meaning that many companies can build to the same protocol and achieve interoperability.
Share: A Modern Approach to Consent for Data Access
The second consent tool is something you might already use every day but not think of in “consent” terms. This tool is the “Share” feature in Google Apps and similar online productivity services.
Think about it. You hit that button specifically to share sensitive data with someone else, and you can select the scope of sharing depending on the type of service. For example, in Google Docs, a drop-down menu allows a document owner to give individuals the ability to edit, comment on or view documents. Using TripIt, a traveler can share trip details with trip planners, fellow travelers and viewers, giving different levels of access automatically to each category. Even more compelling, file-sharing services such as Box enable users to configure the length of time individuals can have access to content.
If that isn’t consent for data access, what is?
The Share model makes a lot of sense. It’s proactive, so users get ahead of the consent curve, and people can share with other parties rather than just between applications that they themselves log into and use.
Cynicism in the IoT Economy
In the post-Snowden era, people have finally become cynical about where their personal data is flowing. But demands and opportunities for data sharing are only going to increase as we rush headlong into the IoT economy, a world where net-connected devices are built on top of the API economy.
These tensions are born of fear and greed.
Sure, people are looking to protect themselves. But they’re finally finding killer apps in cool devices that give them new ways to selectively share content. I recently saw an ad for a smart CPAP machine (used to treat sleep apnea) that comes with a free iOS app to “view and share data.” People aren’t posting that data on Facebook; it’s meant to be shared with medical professionals and perhaps in online forums with fellow patients.
So we now have the million-dollar question: How are we going to handle data access requirements when all of the devices, appliances and vehicles in our lives are all talking to the net? We need to step up to new consent tools, and quick. That’s where the new User-Managed Access (UMA) standard comes in.
UMA is like a combination of OAuth, the standard on which it’s built, and the Share paradigm, all wrapped up into one. It protects any API on a standardized, scoped basis. It lets people share directly with other parties and revoke access authorization whenever they see fit. Individuals can set, view and change sharing preferences from a single online control console—like a digital footprint dashboard.
Healthcare Information Sharing: A Real-World Practical Application
Imagine a health data-sharing ecosystem in which service providers such as Dr. Bob’s BHealthy practice and devices such as the Beat blood pressure monitor work with Alice’s UMA service, called ShareHub. She can hit the UMA-enabled Share button in the BHealthy portal to share the allergy portion of her health record with her husband Ted ahead of an overseas trip she’s taking and manage that preference through ShareHub.
Separately, Alice can hit Share in the portal of the Beat blood pressure monitor service to ensure Dr. Bob gets an ongoing view of her blood pressure and then manage that preference through ShareHub. Alice can visit ShareHub any time she wants to update her privacy settings. She can remove her previous doctor’s authorization and ensure her new doctor gets access, add her husband or other family members or simply revoke sharing entirely.
This scenario is not far from becoming a reality.
The UMA standard reached stability at Version 1.0 in March this year. And a new standards group called Health Relationship Trust (HEART) kicked off in January to work through and document the specifics of using OAuth, UMA and two other standards, OpenID Connect and the Fast Healthcare Interoperability Resources (FHIR) API. Together, these software pieces support security and privacy-sensitive use cases for sharing patient-centric health data.
The bottom line is that if we just had to worry about providing personal information to websites, then opt-out check-boxes might suffice—if they offered true choice! In the API economy, OAuth and proprietary Share buttons might offer a sufficiently robust consent framework.
If I’m ever going to outfit my condo with smart light bulbs and appliances made by more than one manufacturer, list my condo on AirBnB, head out of town for a week and expect to get back full control of all my devices at the end of that week, then my device data streams had better be integrated with and controllable through a convenient central dashboard. Otherwise, fear—and one really devastating household hack—will kill the consumer IoT proposition before greed gets a chance to take hold.
photo credit: green circuit board II via photopin(license)